from the open-[secrets] dept

Overclassification and abuse of FOIA exemptions is a given with most of our nation's security/law enforcement agencies. Two agencies -- the DHS and the FBI -- both redacted publicly-available information on drone possession and usage. Why? Because no one will stop them. Public accountability isn't something these agencies embrace. Their real love is secrecy, obfuscation and an allegiance to the eternal protection of "techniques and procedures," even when the information has already been disseminated elsewhere.

While it appears the USMS is not under any nondisclosure agreement with the device manufacturer, the agency has withheld a wide range of basic information under an exemption meant to protect law enforcement techniques. However, much of the redacted data is already available online via a federal accounting website…

Particular item names and descriptions are universally redacted throughout the documents. But released invoices and purchase orders indicate that USMS spending on cell site simulators and related services totaled nearly $10 million between September 2009 and April 2014.

As MuckRock's Shawn Musgrave points out, this information deemed too sensitive to be released to a FOIA requester can be found at the General Services Administration's website. The GSA handles a majority of government contracts and, as a government entity, is only allowed to display information deemed suitable for public consumption. The same information withheld by the US Marshals Service has been previously cleared for release on the GSA's site.

An overabundance of caution by the US Marshals Service? Maybe. Or maybe it's just accustomed to throwing plenty of black ink around when fielding FOIA requests. Either way, this withholding of publicly-available data suggests one thing: the USMS's justification for blotting out this info doesn't mean shit.

Extensive redactions throughout the document cache are made under a provision in the federal Freedom of Information Act — exemption (b)(7)(E), for the FOIA nerds — meant to protect law enforcement information.

Specifically, per the Justice Department’s own guidelines, this exemption covers information that "would disclose techniques and procedures for law enforcement investigations or prosecutions”, or that “would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law."

The trouble is, much of the information blacked out by USMS FOIA officers is already available online to the general public, and hardly qualifies as law enforcement information as defined in this provision.

It's not that the US Marshals Service doesn't understand the correct deployment of FOIA exemptions. It just doesn't care. How a dollar amount can be both publicly-available through the GSA and a too-sensitive-for-the-public "technique or procedure" will never be explained by the wilfully opaque law enforcement agency. At best, it will suggest the redaction was an error. But more likely, it will be happy to stay quiet on the issue and allow the BS exemptions to speak for themselves.

from the finally,-a-victory dept

For quite some time now, we've been covering how various law enforcement agencies have been using "Stingray" (or similar) cell tower spoofing devices to track the public. Beyond the questionable Constitutionality of such mass surveillance techniques, what's been really quite incredible is the level of secrecy surrounding such devices. We've written about how the US Marshals have "intervened" in various court cases to hide info about the use of Stingrays -- and even telling local law enforcement to lie about their use of the devices. We've written about law enforcement officials claiming "terrorism" as the reason for needing Stingrays, but then using them for everyday law enforcement. We've written about the company that makes Stingrays, Harris Corp., forcing police to sign non-disclosure agreements barring them from revealing any info about their use. It also appears that Harris Corp. misled the FCC to receive approval for its mobile tower spoofing capabilities. Some police departments have even withdrawn evidence rather than talk about their use of Stingrays.

Thankfully, there's been growing concern about these devices. Congress has been investigating and now it appears at least some courts are getting skeptical about the use of Stingrays. The New York Civil Liberties Union (NYCLU) has highlighted that a judge in one of its cases has ordered the Erie County Sheriff's Office to reveal information to the public about its Stingray operations. The full ruling [pdf] is worth reading. While denying the NYCLU's claim that the Sheriff's Office didn't conduct a thorough search as required, the judge is not at all impressed by the redactions in the documents that were released:

The purchase orders should have been disclosed in their entirety, without redaction of the various words, phrases, and figures thus far withheld. The purchase orders (and more particularly the redacted words, phrases, and prices), were not "compiled for law enforcement purposes" in the sense meant by the statute but, even if they were, their disclosure would not: "interfere with law enforcement investigations or judicial proceedings"; "identify a confidential source or disclose confidential information relating to a criminal investigation," meaning a particular ongoing one; or "reveal [non-'routine'] criminal investigative techniques or procedures, meaning techniques a knowledge of which would permit a miscreant to evade detection, frustrate a pending or threatened investigation, or construct a defense to impede a prosecution.... Further, the purchase orders (or, more precisely, the information redacted therefrom), although clearly constituting inter-agency materials" (the other agency involved was Erie County and its Office of the Comptroller), amount entirely to "instructions to staff that affect the public".... Indeed, the instructions set forth in the purchase orders—'in essence, "Pay this bill of this vendor for this item purchased by the Sheriff's Office at this price"—was and is of quintessentially compelling interest to and of undeniable impact upon the taxpaying public.

Finally, the Court finds that the purchase orders, and particularly the matters redacted therefrom, are not "specifically exempted from disclosure by state or federal statute" .... The Court rejects respondent's arguments that the disclosure sought here would, if made, violate a particular federal statute, regulatory scheme, and executive order forbidding (and indeed criminalizing) the export of certain sensitive technology without government license or the illicit revelation of sensitive information about such sensitive technology to foreign nationals. The Court instead is convinced by petitioner's argument that the disclosure of public records pursuant to New York's Freedom of Information Law and the within judicial directive -- even records concerning respondent's ownership and use of a cell site simulator device -- does not amount to the actual export of such arms, munitions, or defense technology. Further, the Court is satisfied by showing on this record that petitioner, a New York not-for-profit corporation, is not a "foreign person," meaning that the disclosures sought by it pursuant to FOIL would not in fact run afoul of related federal legal restrictions on the revelation of sensitive technical data about export-restricted arms or technology.

Oh, as for the non-disclosure agreement with Harris Corp.? The judge notes that a non-disclosure agreement is not a federal regulation:

At the outset, the Court notes its agreement with petitioner's observation that the FBI-drafted non-disclosure agreement is not itself a federal statute specifically exempting anything from disclosure....

In fact, later in the order, the court says that the non-disclosure agreement itself should be disclosed:

Likewise, the Court concludes that this public record ought to have been disclosed in its
entirety. As indicated, the agreement was entered into between the FBI and respondent as an
apparent pre-condition of respondent's being allowed to acquire and use the cell site simulator.
The gist of the letter is not a recitation of the technological capabilities of the device or even the
"hows" and "whens" or the advantages of its use for law enforcement purposes, but rather
simply the need for the Sheriff's Office to avoid disclosing the existence, the technological
capabilities, or any use of the device to anyone, lest "individuals who are the subject of
investigation ... employ countermeasures to avoid detection," thereby endangering the lives
and safety of law enforcement officers and others and compromising criminal law enforcement
efforts as well as national security. The Court has no difficulty in concluding that the agreement
(or, more precisely, each redacted-at-length passage of it) was not "compiled for law
enforcement purposes" in the sense meant by the statute....
Again, even if it was, the Court would conclude that the disclosure of the non-disclosure
agreement would not thwart or prejudice any particular ongoing law enforcement investigation
or pending prosecution.... Nor, the Court concludes,
would the disclosure of the non-disclosure agreement "identify a confidential source or disclose
confidential information relating to a criminal investigation," again meaning a specific ongoing
one, or "reveal" other than "routine" "criminal investigative techniques or procedures"....

There's a lot more, including other documents, and all of that leads the judge to also grant attorney's fees to the NYCLU. It will be interesting to see if the Sherriff's Office challenges this, but it's a pretty complete win for transparency in an area that law enforcement has been trying to keep totally secret for quite some time now.

from the I-got-a-name-and-I-got-a-number-I-got-a-line-on-you dept

The CIA's recent rebranding as Valhalla for US cyberwarriors notwithstanding, the agency's general focus has been intelligence gathering on foreign governments, corporations and people. That it has often mistaken "torturing people into saying whatever they can to make it stop" for "intelligence gathering" isn't necessarily germane to the following discussion, but it's worth noting that the CIA is almost single-handedly responsible for destroying the term "extraordinary rendition" -- a formerly innocuous (and complimentary) term previously used to highlight something like, say, Johnny Cash's amazing cover of Soundgarden's' "Rusty Cage." (That Cash's two best covers are "Hurt" and "Rusty Cage" is not germane to the discussion of CIA torture programs, but what a coincidence!)

The Central Intelligence Agency played a crucial role in helping the Justice Department develop technology that scans data from thousands of U.S. cellphones at a time, part of a secret high-tech alliance between the spy agency and domestic law enforcement, according to people familiar with the work.

The CIA and the U.S. Marshals Service, an agency of the Justice Department, developed technology to locate specific cellphones in the U.S. through an airborne device that mimics a cellphone tower, these people said.

"These people" are likely keeping both eyes on their backs at this point, considering this revelation sheds more light on two things both agencies would like to keep in permanent darkness: the CIA's involvement in domestic surveillance and the US Marshals' airborne "dirtboxes," which are hoovering up tons of phone call info using high-flying IMSI catchers.

The planes fly from five US cities and cover "most of the US population," according to the Wall Street Journal and its unnamed sources. The technology appears to have debuted overseas under the CIA's auspices. Nothing about that fact is surprising or, indeed, of major concern in terms of US civil liberties (although likely not welcome news for any foreign citizens in the CIA's coverage area). What is more surprising -- or rather, disappointing -- is that the DOJ saw the foreign surveillance tech deployed by the CIA and said, "We could really use this here. In the US. On our fellow Americans."

Not only that, but if the CIA is involved in any significant way, there are some legal issues that need to be discussed.

The CIA has a long-standing prohibition that bars it from conducting most types of domestic operations, and officials at both the CIA and the Justice Department said they didn’t violate those rules.

Phew. [Wipes brow.] Oh. Wait. The DOJ utilizing CIA dirtboxes to surveill US citizens probably breaks some rules. (The courts will probably have to sort this out -- and, unfortunately, there's a chance they'll find otherwise.) But that's not what the DOJ is saying. It's saying that the CIA doesn't violate the "don't conduct [most types] of domestic surveillance" rules. Which is probably true. It just hands of the tools of totalitarianism to the DOJ and the domestic side of the equation takes over. It's wrong because it subverts the roles of both agencies but it's technically right because the DOJ's agencies do the actual surveillance -- not the CIA. That's how that works. Technically legal. But wrong in just about every other way.

It isn't as though the DOJ just stopped by to ask about the CIA's flying machines. It had a very active role in the creation of the domestic Mile High Spy Club.

For years, the U.S. Marshals’ Technical Operations Group worked with the CIA’s Office of Technical Collection to develop the technology. In the early days it was the CIA that provided the most resources, said the people familiar with the matter.

For now, it's the unnamed "people" vs. the public front-mouths for various incestuously intertwined intelligence/law enforcement agencies. Last last year, the DOJ was asked to explain its flying cell tower spoofers, but the best defense it offered was, "Hey, at least it's not the Section 215 program," along with a half-assed Glomar ("neither confirm nor deny") that admitted more than it withheld.

The CIA is likewise mostly silent on the matter, offering up only the weak defense that the CIA has given other stuff to domestic agencies and that's all been perfectly legal. Likewise the DOJ… again with its "We're not the NSA" assertions meant to make it look like Captain Fourth Amendment by comparison:

A Justice Department spokesman said Marshals Service techniques are “carried out consistent with federal law, and are subject to court approval.” The agency doesn’t conduct “domestic surveillance, intelligence gathering, or any type of bulk data collection,” the spokesman said, adding that it doesn’t gather any intelligence on behalf of U.S. spy agencies.

But it's not just metadata or call records. The CIA-built, DOJ-deployed devices also listen in.

In 2005, the CIA gave the Marshals Service technology to conduct “silent stimulation” of those types of cellphones, both for identifying them and, with a court order, intercepting the communications, these people said.

So, according to the DOJ, it doesn't participate in bulk data collection. But an untargeted device that flies overhead and forces all phones in range to submit to its advances isn't anything but a bulk data collection. Sure, there may be an eventual target, but until that target is acquired, everything else gets swept up into the DOJ's flying coffers. Even with "catch-and-release" -- the least intrusive form of cell tower spoofing -- innocent Americans are still at the mercy of the government as spoofers gather communications, cut off data usage and force all phones to the least technologically-advanced connection possible.

The DOJ's excuses are horrible, especially in light of the surveillance tool's origins. If the Wall Street Journal's sources are correct, the DOJ re-deployment of foreign intelligence gathering tech makes it the Victor Kiam of domestic spookery: "We liked it so much, we used it on our own people!"

[I]n the newly uncovered document (.pdf)—a warrant application requesting approval to use a stingray—FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge.

“Because of the way, the Mobile Equipment sometimes operates,” Scimeca wrote in his application, “its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint’s wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment.”

Notably, the application (and the magistrate's approval) do not refer to the device by any of the common names (Stingray, IMSI catcher, cell tower spoofer, etc.), but rather as "mobile pen register/trap and trace equipment." While it does admit the device will "mimic Sprint's cell towers," it downplays the potential impact of the device's use.

The fact that Stingray devices disrupt cell service isn't new, but an on-the-record admission by law enforcement is. The warrant application claims that numbers unrelated to the ones being sought will be "released" to other cell towers. The unanswered question is how long it takes before this release occurs.

“As each phone tries to connect, [the stingray] will say, ‘I’m really busy right now so go use a different tower. So rather than catching the phone, it will release it,” says Chris Soghoian, chief technologist for the ACLU. “The moment it tries to connect, [the stingray] can reject every single phone” that is not the target phone.

But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur.

The problem with the so-called "release" is related to the amount of disruption that occurs when the device is used. Advances in cell technology have surpassed the ability of Stingray devices to capture calling info and location data. Upgrades are available and law enforcement agencies are scrambling to get their cell tower spoofers up-to-date, but the general process still involves "dumbing down" everyone's connection to the least secure and most easily-intercepted connection: 2G.

In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate.

If a device is in operation nearby, all calls that can't find a better connection will be routed to the cell tower spoofer. This means calls won't be connected, texts won't be sent/received and internet service will be knocked offline. While Stingrays are supposed to allow 911 calls to pass through without interruption, these are far from the only type of "emergency" communications. If the device is deployed for any considerable length of time, citizens completely unrelated to the criminal activity being investigated may find themselves unable to communicate.

And while the targeted number apparently belonged to Sprint, the warrant application notes that all service providers in the area will be asked to turn over a large amount of subscriber information.

[D]irecting AT&T, T-Mobile U.S.A., Inc., Verizon Wireless, Metro PCS, Sprint-Nextel and any and all other providers of electronic communication service (hereinafter the "Service Providers") to furnish expeditiously real-time location information concerning the Target Facility (including all cell site location information but not including GPS, E-911, or other precise location information) and, not later than five business days after receipt of a request from the Federal Bureau of Investigation, all information about subscriber identity, including the name, address, local and long distance telephone connection records, length of service (including start date) and types of service utilized, telephone or instrument number or other subscriber number or identity, and means and source of payment for such service (including any credit card or bank account number), for all subscribers to all telephone numbers, published and nonpublished, derived from the pen register and trap and trace device during the 60-day period in which the court order is in effect…

This request seems to run contrary to what's asserted earlier in the warrant application, in reference to the Stingray device itself.

In order to achieve the investigative objective (i.e., determining the general location of the Target Facility) in a manner that is the least intrusive, data incidentally acquired from phones other than the Target Facility shall not be recorded and/or retained beyond its use to identify or locate the Target Facility.

It appears there is a "catch-and-release" policy when it comes to Stingray devices, but the FBI's data request to every cell phone service provider in the area contains no such assurances about minimization. Additionally, the request for data on "all subscribers to all telephone numbers" covers a 60-day period, while the use of the tower spoofer is limited to two weeks.

So, not only did the FBI potentially disrupt cell service while searching for the robbery suspects, it also collected a massive amount of data on every subscriber whose phone happened to connect with its fake tower. It's not really "catch-and-release" if additional call/location data on unrelated subscribers is obtained from from other providers. This broad request was granted without question or additional stipulations by the magistrate judge -- the only limitation applied (in a handwritten addition, no less) being that the FBI would not be able to use the device "in any private place or when they have reason to believe the Target Facility is in a private place." (This falls in line with the FBI's "warrant requirement," which is written in a way that ensures the FBI will never have to seek a warrant for Stingray use.)

The FBI, along with other law enforcement agencies, has refused to answer questions about the disruptive side effects of Stingray device usage. With the unsealing of this document, their silence no longer matters. These agencies are well aware of these devices' capabilities -- something they're clearly not comfortable discussing. The excuses deployed routinely involve "law enforcement means and methods" and claims about "compromising current and future investigations," but with more heat being applied by the nation's legislators, this code of silence may finally be broken. The use of these devices -- despite being fully aware that critical communications may be at least temporarily prevented -- sends a continual implicit message to the public: your safety and well-being is subject to law enforcement's needs and wants.

from the let-the-finger-pointing-begin! dept

Despite the feds' best efforts to keep IMSI catchers (Stingray devices, colloquially and almost certainly to the dismay of manufacturer Harris Corporation, as they head to becoming the kleenex of surveillance tech) a secret, there's still enough information leaking out around the edges of the FBI's non-disclosure agreements to provoke public discussion.

That article and previous others concerning the device reveal the StingRay was certified for use by the Federal Communications Commission (FCC), contingent upon the conditions that StingRay’s manufacturer sell these devices solely to federal, state, and local public safety and law enforcement; and that state and local law enforcement agencies must coordinate in advance with the Federal Bureau of Investigation (FBI) before acquiring or using this equipment. According to the article, these devices now have been purchased by 48 law enforcement agencies in 20 states and the District of Columbia and used in hundreds of cases.

Yep, the devices are pretty much everywhere and no one wants to talk about them. When the US Marshals Service isn't stepping in to physically remove Stingray-related documents, local law enforcement agencies are disguising their use of these devices behind vague warrants and subpoenas.

What Sen. Nelson wants to know is what the FCC knows about Stingrays.

What information the FCC may have had about the rationale behind the restrictions placed on the certification of the StingRay, and whether similar restrictions have been put in place for other devices;

Whether the FCC inquired about what oversight may be in place to make sure that use of the devices complied with the manufacturer’s representations to the FCC at the time of certification; and

A status report on the activities of the “task force” you previously formed to look at questions surrounding the use of the StingRay and similar devices.

What we DO know so far about the interplay of Harris, the FBI and the FCC is that the first two parties have been less than forthright with the third. Harris managed to push its devices past the FCC by implying they would only be used in emergencies -- even though it was already clear at the point it made that statement that law enforcement agencies were frequently deploying them in non-emergency situations.

The FBI has performed its own obfuscation, implying in a letter to law enforcement agencies that the FCC required the signing off a non-disclosure agreement with the FBI. The FCC has since denied this, and obtained documents indicate it's the FBI that wants to control the flow of information regarding Stingrays, not the other way around.

I imagine the FCC would be compliant with this request, considering its past relationship with the FBI and Harris. But it can expect to run into significant resistance from the DOJ, which still believes that the long-exposed technology should still be afforded NSA-level secrecy -- especially when answers to Sen. Nelson's questions will likely expose its less-than-honest dealings with the FCC.

Somebody needs to provide some answers and, while it's really the FBI that should be talking at this point, the FCC's take on this -- and its dealings with the FBI -- should be enlightening. The FBI's insistence on secrecy is not only screwing defendants during the discovery process, but it's also harming local law enforcement itself, which has shown an alarming willingness to drop cases/charges rather than reveal the use of Stingray devices.

from the yeah-but-no-not-even-close dept

Another case involving Stingray devices has made its way into the federal court system, prompting the ACLU to join the battle on behalf of the defendant. A murder-for-hire sting conducted by the Baltimore police and the FBI involved the use of a Stingray device, but the paperwork used to justify the deployment says nothing about an IMSI catcher. The order obtained by the Baltimore PD is for a pen register/trap and trace device. [pdf link]

Uncharacteristically, the Baltimore PD disclosed its use of a Stingray device to locate a suspect's phone during court proceedings. Even more uncharacteristically, the government is fighting to keep the evidence from being suppressed, rather than opting to protect its means and methods at the expense of collected evidence.

The government said the court order obtained by authorities, called a pen register, covers the technology because it refers to cellular tracking device and GPS location information.

But the ACLU argues that the state's statute for such pen register orders "makes no provision for, or even mention of, a 'cellular tracking device' " and is commonly understood to only include the "trapping" of call log information.

"In addition, there is absolutely no indication in the application or the order that the authorization will subject potentially unlimited numbers of innocent third parties to dragnet surveillance, none of whom will ever receive notice that their phones were tracked and that the search will intrude into constitutionally protected spaces," the ACLU wrote.

The government argues that no Fourth Amendment violations occurred, even if the court order said nothing about the device used to locate the phone. It asserts that everything was legit, and even if it wasn't, it was an honest mistake and it would have just found the suspect and his phone sooner or later -- perhaps even by using the method it actually requested. [pdf link]

[T]he Government argues that the search was not in violation of the Fourth Amendment for three reasons: (1) the search was authorized by the February 5, 2014, Order (the “Order”), which was a valid warrant; (2) even if the warrant was deficient, law enforcement acted in good faith reliance on it; and (3) even without a warrant, the evidence obtained would not be subject to exclusion because the inevitable discovery doctrine applies.

Wrong, wrong and wrong, according to the defendant's (Robert Harrison) counsel.

The Order was not a valid warrant for at least three reasons. First, the Application in support of the Order was purposefully misleading. The Government crafted the Application as if it were a routine application for a pen register or a trap and trace device, citing the applicable Maryland statutory authorization. It did not mention the term “cell site simulator,” nor did it describe the novel technology in a manner that the judge would understand its intrusiveness on the privacy rights of Harrison or others. Second, although the Government now seeks to treat the Order as a warrant, it failed to comply with the statutory temporal requirements for the execution of warrants, which impacts probable cause. Third, the Order fails the particularity requirement because it specified that it was authorizing a search of only the target phone, but, instead, the cell site simulator searched the phones of infinite third parties in the vicinity. As such, if it was a warrant, it was an illegal general warrant.

The "good faith" exception -- the benefit of a doubt the government frequently extends to itself -- is also addressed.

Further, the Government cannot rely on the good faith exception or the inevitable discovery doctrine. The good faith exception cannot apply here because the purported warrant was facially invalid, and the affiant knowingly or recklessly misled the magistrate with material omissions concerning the cell site simulator. The inevitable discovery doctrine likewise does not apply because the Government’s argument is predicated on an alternative plan that is latent with speculation and conjecture, instead of historically verifiable facts.

Going beyond this, the government attempts to claim the Pen Register order is no different than an actual search warrant -- something it didn't have in its possession when it used the cell site spoofer to "search" Harrison's premises (as well as anyone else's within range) for the cell phone. The filing points out that the statute under which the order was obtained doesn't provide for the issuance of warrants. Even if the government wanted to treat the order like a warrant, it was missing all sorts of specifics crucial to search warrants -- like the particularity of the search, time limitations and probable cause findings.

Not only that, but by obtaining a Pen Register order rather than a search warrant, the government deliberately hid its methods from the courts. The particulars of the technology being deployed were never presented to the magistrate. All of this adds up to one thing: even if the government wants to pretend the order was a warrant, at the very best, it was in possession of a general warrant -- the sort of thing that the Fourth Amendment is in place to safeguard against.

The government also blew past temporal limits normally found in warrants. In its arguments, it wants to have it both ways -- the leniency of the 60-day window provided for Pen Register orders and the powers granted to those in possession of actual search warrants, which are only good for 15 days after issuance. The deployment of the Stingray didn't occur until 50 days after the Pen Register order was obtained.

Addtionally, the phone sought by the FBI and Baltimore PD was no longer in possession of the sting target by the time it went "searching" for it. Within a day of obtaining the Pen Register order, the phone was answered by an unknown male, who told the informant that the suspect (Smith) would call him back on his personal phone. Further records submitted as evidence note that every call between Smith and informants occurred on personal phones, rather than the phone the government was looking for. As the filing points out, had the government sought a warrant to locate this phone, it would have been unable to provide probable cause findings. As things stood nearly a month after the Pen Register order was obtained, the government didn't know much about who actually had the phone, much less whether the phone was still being used as part of the murder-for-hire plot.

By covering up its use of a Stingray device, the government availed itself of the less stringent standards inherent to Pen Register orders. But when it comes to defending itself against complaints of Fourth Amendment violations, the government attempts to portray the order as indistinguishable from a search warrant -- except for all the stuff it's supposed to do on its end to ensure rights aren't violated.

from the the-warrant-that-wasn't-there dept

As Mike covered here earlier, Sens. Grassley and Leahy are asking the FBI for more answers on its Stingray usage. Not that anyone should be holding their breath in anticipation of a response. The government's use of Stingray devices has been actively hidden from the public (and criminal defendants) for years. Local law enforcement's use has also been hidden, thanks to a bizarre set of non-disclosure agreements, both with the manufacturer (Harris) and the FBI itself.

So, while we wait for the heavily-redacted responses to the senators' queries to eventually arrive at an undetermined point in the far future, let's take a closer look at what the FBI has actually gone on record with about its Stingray use.

The good news (that actually isn't) is this: the FBI now has a warrant requirement for Stingray deployment. But there are (of course) exceptions.

[W]e understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

A Stingray device is rarely deployed from the comfort of the suspect's living room. In fact, it's safe to say this never happens. What does happen is that Stingrays are deployed from vehicles on public streets or flown overhead in aircraft. It would probably be safe to say that there has not been a Stingray deployment that didn't occur in a public place.

So, there's really no need to ever seek a warrant. The FBI can point proudly to its new warrant requirement as evidence of its respect for privacy, just as long as no one asks if there are any exceptions. Grassley and Leahy, however, have asked. And they have mastered the art of the understatement. They continue:

We have concerns about the scope of the exceptions.

The rule is demolished by the exception. There is no rule. There is no need for the FBI to ever seek a warrant for Stingray usage. If some weird situation does manage to crop up, it will probably involve some other exception (including ones that aren't listed here), and we're back to square one.

If and when the answers arrive, the numbers following these questions will be highly illuminating.

2. From January 1, 2010, to the effective date of the FBI’s new policy: a. How many times did the FBI use a cell-site simulator? b. In how many of these instances was the use of a cell-site simulator authorized by a search warrant? c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used. d. In how many of these instances was the cell-site simulator used without any legal process? e. In how many of the instances referenced in Question 2(d) did the FBI use a cell-site simulator in a public place or other location in which the FBI deemed there is no reasonable expectation of privacy?

Given the scope of the "public place" exception, the answers to (d) and (e) should be nearly identical. All that remains to be seen is how close those numbers are to 2(a).

from the good-for-them dept

We've written plenty about Stingrays and other "IMSI Catcher" devices that allow law enforcement to set up what are effectively fake cell phone towers, designed to intercept calls and locate certain individuals. These devices are deployed in near total secrecy, often by law enforcement who got them from the federal government. There is little to no oversight over how these are used (and abused). The attempts to keep the details a total secret represent really egregious behavior from all involved. As we've covered, police have claimed that non-disclosure agreements with the manufacturers (such as Harris Corp.) prevent them from getting a warrant to use the devices. The DOJ, somewhat famously, had a whole plan for how to mislead judges about the use of these devices, with official documentation telling DOJ officials to be "less than explicit" and "less than forthright" to judges about how the tech was being used. In some cases, the US Marshals have stepped in and seized documents from local police forces to block them from being released in response to FOIA requests.

In short, law enforcement really doesn't want how it uses these devices revealed. And yet, reporters and activists keep digging up more information, including the WSJ finding out that the US Marshals (them again!) have been putting airborne versions of these devices, called DRT boxes, on airplanes and flying them over cities, likely scooping up information on tons of innocent people with no warrant.

At least some in our government are concerned about this. Senators Patrick Leahy and Chuck Grassley have been pressing government officials on this, and before the holidays sent a letter to Attorney General Eric Holder and Homeland Security Boss Jeh Johnson demanding answers. One very interesting tidbit is that in response to some of this public disclosure, the FBI now, at least, gets warrants before using the technology -- but the Senators would like more details:

We wrote to FBI Director Comey in June seeking information about law enforcement use of cell-site simulators. Since then, our staff members have participated in two briefings with FBI officials, and at the most recent session they learned that the FBI recently changed its policy with respect to the type of legal process that it typically seeks before employing this type of technology. According to this new policy, the FBI now obtains a search warrant before deploying a cell-site simulator, although the policy contains a number of potentially broad exceptions and we continue to have questions about how it is being implemented in practice. Furthermore, it remains unclear how other agencies within the Department of Justice and Department of Homeland Security make use of cell-site simulators and what policies are in place to govern their use of that technology.

But, still, the Senators would like a few more details:

The Judiciary Committee needs a broader understanding of the full range of law enforcement agencies that use this technology, the policies in place to protect the privacy interests of those whose information might be collected using these devices, and the legal process that DOJ and DHS entities seek prior to using them.

For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

We have concerns about the scope of the exceptions. Specifically, we are concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests of other individuals who are not the targets of the interception, but whose information is nevertheless being collected when these devices are being used. We understand that the FBI believes that it can address these interests by maintaining that information for a short period of time and purging the information after it has been collected. But there is a question as to whether this sufficiently safeguards privacy interests.

The specific questions being asked:

1. Since the effective date of the FBI’s new policy:

a. How many times has the FBI used a cell-site simulator?
b. In how many of these instances was the use of the cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. How many times has each of the exceptions to the search warrant policy, including those listed above, been used by the FBI?

2. From January 1, 2010, to the effective date of the FBI’s new policy:

a. How many times did the FBI use a cell-site simulator?
b. In how many of these instances was the use of a cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. In how many of the instances referenced in Question 2(d) did the FBI use a cell-site simulator in a public place or other location in which the FBI deemed there is no reasonable expectation of privacy?

3. What is the FBI’s current policy on the retention and destruction of the information collected by cell-site simulators in all cases? How is that policy enforced?

4. What other DOJ and DHS agencies use cell-site simulators?

5. What is the policy of these agencies regarding the legal process needed for use of cell-site simulators?

a. Are these agencies seeking search warrants specific to the use of cell-site simulators?
b. If not, what legal authorities are they using?
c. Do these agencies make use of public place or other exceptions? If so, in what proportion of all instances in which the technology is used are exceptions relied upon?
d. What are these agencies’ policies on the retention and destruction of the information that is collected by cell-site simulators? How are those policies enforced?

6. What is the Department of Justice’s guidance to United States Attorneys’ Offices regarding the legal process required for the use of cell-site simulators?

7. Across all DOJ and DHS entities, what protections exist to safeguard the privacy interests of individuals who are not the targets of interception, but whose information is nevertheless being collected by cell-site simulators?

Anyone taking bets on how few of these questions will actually be answered?

In a unanimous decision written by (Harper appointee) Justice Thomas Cromwell, the court issued a strong endorsement of Internet privacy, emphasizing the privacy importance of subscriber information, the right to anonymity, and the need for police to obtain a warrant for subscriber information except in exigent circumstances or under a reasonable law.

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day.

Five minutes! Amazing. And disturbing. A 5-minute process indicates no one involved made even the slightest effort to prevent abuse of the process. The court's decision has dialed back that pace considerably. The RCMP is now complaining that it takes "10 hours" to fill out the 10-20 pages required to obtain subscriber info. It's also unhappy with the turnaround time, which went from nearly immediate to "up to 30 days."

In response, the RCMP has done what other law enforcement agencies have done when encountering a bit of friction: given up.

"Evidence is limited at this early stage, but some cases have already been abandoned by the RCMP as a result of not having enough information to get a production order to obtain (basic subscriber information)," the memo says.

The RCMP also points out that the 30-day response period will sometimes outlast the 30-day IP log retention period, resulting in information being destroyed before the agency can access it. It also notes that it's facing a bit of backlash in the wake of the Supreme Court's decision.

Banks, hotels, and car rental companies are reviewing the Supreme Court decision and "a few have signalled less voluntary co-operation" in future.

Yeah, that's a shame. But it seems to be a feeling that's becoming increasingly common as the pendulum swings back towards protecting the rights of the public. Several companies have spent years being forced to play the submissive part in this involuntary relationship, handing out an endless number of "how highs" in response to the government's "jump!" orders. "Less voluntary" is what the future holds for intelligence agencies and law enforcement alike.

If the RCMP is dropping cases because it doesn't have enough put together to "fulfill the requirements" of its warrant paperwork, then it really doesn't have enough of a case put together to be demanding that third parties turn over information related to the suspect. It's that simple. The cases it has dropped obviously aren't strong enough to justify attempts to gather more information. The warrant requirement is going to turn the RCMP into a better law enforcement agency -- one that doesn't pursue certain investigations just because they're easy. This forces the RCMP to better evaluate its caseload and cut loose those that suffer from a dearth of information. The RCMP may now be counting up its theoretical losses (the cases that it's dropping), but Canadian citizens are better protected against ad hoc bulk surveillance and law enforcement fishing expeditions.

Baltimore prosecutors withdrew key evidence in a robbery case Monday rather than reveal details of the cellphone tracking technology police used to gather it.

So… great for catching crooks but not all that great at keeping them caught. How embarrassing. That has to suck for Baltimore citizens, who have just discovered their local PD prizes non-disclosure agreements over putting bad guys away.

City police Det. John L. Haley, a member of a specialized phone tracking unit, said officers did not use the controversial device known as a stingray. But when pressed on how phones are tracked, he cited what he called a "nondisclosure agreement" with the FBI.

Which most people would take to mean don't go around spilling the details to normal citizens, family members or journalists. But as we've seen repeatedly, law enforcement agencies have taken this FBI-required NDA to mean (very conveniently, I might add) that they're allowed to tell no one. Goodbye, crusty old "due process" ideals. Hello, parallel construction.

But in this case, the judge responded with an obvious statement -- one that is made far too infrequently.

Then Judge Williams called the PD's bluff: explain the evidence's origin or face contempt charges. Faced with this, the prosecution folded.

It's no secret the Baltimore Police Dept. has a Stingray device. Here's a document from 2009 containing the city council's approval of the Stingray purchase. Here's another document showing the PD's request for additional funds to upgrade the device. The general public is already aware of the device's existence and capabilities, and yet, the police balk at discussing it publicly, even if it means potentially damaging a prosecutor's case.

It's not just the phone-related evidence that's being withdrawn. It's everything derived from that Stingray-related search, including a handgun.

This isn't Judge Williams' first experience with police officers unwilling to discuss Stingray usage. The Baltimore Sun reports he also dealt with a non-discussion of the technology back in September. The device was used to track a phone (and a suspect) to a certain location. When Williams asked how the officers ascertained that the suspect actually had the phone on him, they actually invoked national security rather than answer the question.

"If it goes into Homeland Security issues, then the phone doesn't come in," Williams said. "I mean, this is simple. You can't just stop someone and not give me a reason."

That's how this is supposed to work. If law enforcement agencies want to deploy super-secret technology, then they shouldn't be able to drag evidence of unexplained origin into the courts with them. Allowing them to have it both ways steamrolls due process.